Log analysis and evaluation: Windows 8.1 64 Bit: Internet tabs open automatically. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.02.2015, 20:58 | #1 |
| Windows 8.1 64 Bit: Internet tabs open automatically Hello, my PC has become extremely slow. In addition, whenever I start any browser, other websites with advertising open automatically. Furthermore, advertising banners appear on some of the websites I visit. I downloaded a song that apparently was not just a song. Many thanks for the help! Kind regards, Baillan |
12.02.2015, 21:27 | #2 |
/// the machine /// TB trainer | Windows 8.1 64 Bit: Internet tabs open automatically hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
12.02.2015, 21:34 | #3 |
| Windows 8.1 64 Bit: Internet tabs open automatically
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015 Ran by Baillan (administrator) on FABRICE on 12-02-2015 21:19:51 Running from C:\Users\Baillan\Downloads Loaded Profiles: Baillan (Available profiles: Baillan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Juniper Networks, Inc.) 
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (The Privoxy team - Privoxy - Home Page) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Spotify Ltd) C:\Users\Baillan\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Dropbox, Inc.) 
C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.) 
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4464936 2014-01-24] (O&O Software GmbH) HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify] => C:\Users\Baillan\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify Web Helper] => C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Baillan\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {2bd41bf2-8396-11e3-8258-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {54db2e12-e983-11e3-826d-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {585e4dc4-f9eb-11e3-826f-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {ab4b125f-76dd-11e3-8254-806e6f6e6963} - "E:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{177DE549-9107-4370-A840-9FC4AE8BC2BE}\app_icon.ico () Startup: C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118 ProxyEnable: [S-1-5-21-590913564-4252522651-4106047901-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-590913564-4252522651-4106047901-1001] => http=127.0.0.1:8118;https=127.0.0.1:8118 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mystartsearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = mystartsearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = mystartsearch HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = Windows Defender SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr 
Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP1D075928-469C-4882-8EB1-2A17742F709C&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP1D075928-469C-4882-8EB1-2A17742F709C&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms} SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: MInimumPricce -> {142cf675-f4ff-4aed-890e-3bae7f87f6cc} -> C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.x64.dll () BHO: JoniCoUponn -> {1e96740b-33ca-4c20-94c7-24cab81638df} -> C:\ProgramData\JoniCoUponn\XxfS7S7rHKL4Xm.x64.dll () BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll 
(Microsoft Corporation) BHO: AllCCheapiPricee -> {506cb264-010c-4600-9270-adf959277e9b} -> C:\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.x64.dll () BHO: RegullarDeallS -> {6f8172d4-4acb-411e-abdb-976128f8f34a} -> C:\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.x64.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO: 50CCoupponnS -> {fc6837c6-c38c-4b28-8fdf-882c27696402} -> C:\ProgramData\50CCoupponnS\Cc4SzTULDfiO2P.x64.dll () BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: MInimumPricce -> {142cf675-f4ff-4aed-890e-3bae7f87f6cc} -> C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.dll () BHO-x32: JoniCoUponn -> {1e96740b-33ca-4c20-94c7-24cab81638df} -> C:\ProgramData\JoniCoUponn\XxfS7S7rHKL4Xm.dll () BHO-x32: AllCCheapiPricee -> {506cb264-010c-4600-9270-adf959277e9b} -> C:\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.dll () BHO-x32: RegullarDeallS -> {6f8172d4-4acb-411e-abdb-976128f8f34a} -> C:\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.dll () BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO-x32: 50CCoupponnS -> {fc6837c6-c38c-4b28-8fdf-882c27696402} -> C:\ProgramData\50CCoupponnS\Cc4SzTULDfiO2P.dll () DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E858E2B0-42B3-4C6C-8171-56695B32ABF4}: [NameServer] 10.1.194.41,10.1.194.42 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default FF DefaultSearchEngine: mystartsearch FF SelectedSearchEngine: mystartsearch FF Homepage: about:home FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF NetworkProxy: "type", 1 FF Plugin: @adobe.com/FlashPlayer -> 
C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml FF Extension: DeaalExpreass - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\0f@OGVH2HmiT.net [2015-01-09] FF Extension: SaverEoxteensiion - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\9@jbiIchieA.org [2015-01-19] FF Extension: YoutubeAdBlocke - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\aSJ@BrfjyrQ.org [2014-12-05] FF Extension: MInuImuomPrice - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\bFCn@5.com [2015-01-23] FF Extension: BuyNsave - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\fd@5qV0HBr9.edu [2014-12-05] FF Extension: DigiSaVer - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\ifKlf@b1NI.com [2015-02-12] FF Extension: CheapMe - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\sF@OLBQQl1B.edu [2014-12-22] FF Extension: Fun2Save - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\Zvk@kfMSKN.com [2014-12-13] FF Extension: EPUBReader - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-19] FF Extension: WOT - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-22] FF Extension: Cliqz Beta - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\cliqz@cliqz.com.xpi [2014-09-03] FF Extension: Adblock Plus - 
C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-22] FF Extension: OkayFreedom - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-18] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-01-10] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink) R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4092928 2014-12-05] () [File not signed] <==== ATTENTION R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-27] (Hewlett-Packard Company) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) 
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed] R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed] R2 SystemUpdatekb70007; C:\windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) 
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks) S4 jnprTdi_806_48695; C:\windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) U4 AdobeARMservice; No ImagePath S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X] S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 X6va019; \??\C:\windows\SysWOW64\Drivers\X6va019 [X] S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-12 21:18 - 2015-02-12 21:18 - 00000476 _____ () C:\Users\Baillan\Downloads\defogger_disable.log
2015-02-12 21:18 - 2015-02-12 21:18 - 00000000 _____ () C:\Users\Baillan\defogger_reenable
2015-02-12 21:17 - 2015-02-12 21:17 - 00050477 _____ () C:\Users\Baillan\Downloads\Defogger.exe
2015-02-12 20:48 - 2015-02-12 20:50 - 00035177 _____ () C:\Users\Baillan\Downloads\Addition.txt
2015-02-12 20:45 - 2015-02-12 21:19 - 00028824 _____ () C:\Users\Baillan\Downloads\FRST.txt
2015-02-12 20:45 - 2015-02-12 21:19 - 00000000 ____D () C:\FRST
2015-02-12 20:44 - 2015-02-12 20:44 - 02134016 _____ (Farbar) C:\Users\Baillan\Downloads\FRST64.exe
2015-02-12 20:39 - 2015-02-12 20:39 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-12 20:39 - 2015-02-12 20:39 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-12 20:37 - 2015-02-12 20:37 - 00243664 _____ () C:\Users\Baillan\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\Program Files (x86)\Ultimate Football Results
2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\Program Files (x86)\DigiSaVer
2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\Program Files (x86)\AllCCheapiPricee
2015-02-12 19:47 - 2015-02-12 19:47 - 00000000 ____D () C:\ProgramData\DeleteAd
2015-02-12 19:42 - 2015-02-12 19:42 - 00000000 __SHD () C:\Users\Baillan\AppData\Local\EmieBrowserModeList
2015-01-30 20:49 - 2015-01-30 20:49 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-23 11:45 - 2015-02-12 19:58 - 00000000 ____D () C:\ProgramData\RegullarDeallS
2015-01-19 14:31 - 2015-02-12 19:58 - 00000000 ____D () C:\ProgramData\MInimumPricce
2015-01-16 18:17 - 2015-01-16 18:17 - 00000000 ____D () C:\ProgramData\dmphgiejllnfdeppeeplfjeekghmonbp
2015-01-16 17:45 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-16 17:45 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-16 17:45 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-16 17:45 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-16 17:45 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-16 17:45 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-16 17:45 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-16 17:45 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-16 17:45 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-16 17:45 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-16 17:45 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-16 17:45 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-16 17:45 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-16 17:45 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-16 17:45 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-16 17:45 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-16 17:45 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-16 17:45 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-16 17:45 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-16 17:45 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-16 17:45 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-16 17:45 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-16 17:45 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-16 17:45 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-16 17:45 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 21:18 - 2014-01-06 15:23 - 00000000 ____D () C:\Users\Baillan
2015-02-12 21:14 - 2014-01-07 19:26 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Spotify
2015-02-12 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-12 20:49 - 2014-04-07 20:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 20:48 - 2014-01-06 15:23 - 01708709 _____ () C:\windows\WindowsUpdate.log
2015-02-12 20:44 - 2014-01-06 19:22 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-590913564-4252522651-4106047901-1001
2015-02-12 20:42 - 2014-01-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-12 20:32 - 2014-12-05 15:39 - 00000000 ____D () C:\Users\Baillan\AppData\Local\CrashDumps
2015-02-12 20:07 - 2014-12-05 15:39 - 00000000 ____D () C:\ProgramData\3741947960439653332
2015-02-12 19:58 - 2015-01-09 11:33 - 00000000 ____D () C:\ProgramData\JoniCoUponn
2015-02-12 19:58 - 2015-01-09 11:33 - 00000000 ____D () C:\ProgramData\50CCoupponnS
2015-02-12 19:49 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF
2015-02-12 19:45 - 2014-01-06 15:25 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{514AC32F-7C86-4F8E-9FD7-95E995D82BD2}
2015-02-12 19:44 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-02-12 19:43 - 2014-01-06 20:29 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-12 19:43 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-02-12 19:42 - 2014-01-06 20:29 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Google
2015-02-12 19:36 - 2014-04-07 20:37 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 19:35 - 2014-11-20 18:32 - 00000000 ___RD () C:\Users\Baillan\Dropbox
2015-02-12 19:35 - 2014-05-23 12:38 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Dropbox
2015-02-12 19:34 - 2014-12-18 18:14 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Steganos VPN
2015-02-12 19:34 - 2014-01-07 19:27 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Spotify
2015-02-12 19:31 - 2013-11-30 07:48 - 00757756 _____ () C:\windows\system32\perfh007.dat
2015-02-12 19:31 - 2013-11-30 07:48 - 00173028 _____ () C:\windows\system32\perfc007.dat
2015-02-12 19:31 - 2013-11-30 07:43 - 00790536 _____ () C:\windows\system32\perfh00C.dat
2015-02-12 19:31 - 2013-11-30 07:43 - 00173774 _____ () C:\windows\system32\perfc00C.dat
2015-02-12 19:31 - 2013-08-24 22:38 - 02749512 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-12 19:27 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-12 19:26 - 2013-08-22 15:46 - 00040708 _____ () C:\windows\setupact.log
2015-01-23 11:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-01-23 11:45 - 2014-12-13 21:05 - 00000000 ____D () C:\ProgramData\33ee11d82600c3d4
2015-01-19 22:32 - 2014-12-16 20:39 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-16 20:39 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 13:50 - 2013-08-24 22:32 - 00061944 _____ () C:\windows\PFRO.log
2015-01-19 13:48 - 2014-01-09 17:41 - 00000000 ____D () C:\windows\system32\MRT
2015-01-19 13:46 - 2014-12-13 21:05 - 00000000 ____D () C:\ProgramData\50Coupons
2015-01-19 13:46 - 2014-12-05 15:40 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdBlocke
2015-01-19 13:46 - 2014-12-05 15:39 - 00000000 ____D () C:\Program Files (x86)\BuyNsave
2015-01-19 13:43 - 2014-01-09 17:41 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-01-06 21:21 - 2014-01-06 21:43 - 0007611 _____ () C:\Users\Baillan\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\Baillan\AppData\Local\Temp\180209.exe
C:\Users\Baillan\AppData\Local\Temp\375afac87.exe
C:\Users\Baillan\AppData\Local\Temp\405D7932381d0.exe
C:\Users\Baillan\AppData\Local\Temp\76F13f3201.exe
C:\Users\Baillan\AppData\Local\Temp\ANPDApi.dll
C:\Users\Baillan\AppData\Local\Temp\aoe3-114-german.exe
C:\Users\Baillan\AppData\Local\Temp\b98a07E37Fdb.exe
C:\Users\Baillan\AppData\Local\Temp\CFC92.exe
C:\Users\Baillan\AppData\Local\Temp\downloader.dll
C:\Users\Baillan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzuz8uz.dll
C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100088.exe
C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100096.exe
C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100106.exe
C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100112.exe
C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe
C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
C:\Users\Baillan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Baillan\AppData\Local\Temp\install_flashplayer14x32au_mssa_aaa_aih.exe
C:\Users\Baillan\AppData\Local\Temp\nsm2AF0.exe
C:\Users\Baillan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Baillan\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_23a9c498-5d82-48d5-810f-64a3d8f7304f_TX_DB_.exe
C:\Users\Baillan\AppData\Local\Temp\SPSetup.exe
C:\Users\Baillan\AppData\Local\Temp\standalonepatcher.exe
C:\Users\Baillan\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-05-20 16:26

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Baillan at 2015-02-12 20:48:59
Running from C:\Users\Baillan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AmpWare (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}) (Version: - ReaderX) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BuyNsave (HKLM-x32\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version: - BuyNsave) <==== ATTENTION
calibre (HKLM-x32\...\{69402281-8050-417B-93D8-9C2DB46C9DDC}) (Version: 2.1.0 - Kovid Goyal)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.11 - Cliqz.com)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeleteAd (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - DeleteAd) <==== ATTENTION
Dropbox (HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Gefeuert - Dein Letzer Tag Version 1 (HKLM-x32\...\{4D11CACF-53E1-4170-886C-93F1BE34CEFC}_is1) (Version: 1 - UGP)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.51 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{390AD982-A331-4D4F-AFD1-64005BC7C99D}) (Version: 7.3.35.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (Version: 5.0.48695 - Ihr Firmenname) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
NidwaldenTax 2013 13.3.37 (HKLM-x32\...\NP_NW_2013) (Version: 13.3.37 - Ringler Informatik AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
O&O Defrag Professional (HKLM\...\{177DE549-9107-4370-A840-9FC4AE8BC2BE}) (Version: 17.0.504 - O&O Software GmbH)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Smart Coupon (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
Spotify (HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden <==== ATTENTION
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version: - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
YoutubeAdBlocke (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Baillan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Baillan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Baillan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Baillan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-590913564-4252522651-4106047901-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-11-2014 19:15:55 Installed Junos Pulse.
23-11-2014 19:57:18 Windows Update
28-11-2014 18:51:01 Windows Update
13-12-2014 20:26:21 Windows Update
20-12-2014 19:07:11 Windows Update
25-12-2014 17:32:59 Windows Update
19-01-2015 13:42:34 Windows Update
23-01-2015 11:05:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-20 20:43 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {099E2454-A9A0-467F-90F1-300C1FA48C0B} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {556E3AA3-87E4-4AFD-9FA7-0BF5A4BF128B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-27] (Hewlett-Packard Company)
Task: {7672A595-7593-4C81-A76B-C29BA8D673AE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {7C708B56-5661-4575-B5A2-C85E166AA7A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {7F162303-E545-4DA3-AE7F-819C76523CFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A7EA86AB-A323-4F66-9C88-317758C58BC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-27] (Hewlett-Packard Company)
Task: {A84B30FB-6A65-4F37-8960-63E0086BF02F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {B3909BC3-036C-4C0E-B8B7-D364955B25C4} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {BCB630E6-17AC-47F8-8C1C-720A17472341} - System32\Tasks\Games\UpdateCheck_S-1-5-21-590913564-4252522651-4106047901-1001
Task: {CC2D9F59-6865-41D1-BCDC-DCEFB0C5CC44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D97C658C-466B-46B2-AB46-0135B69BDAB0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-12] (Adobe Systems Incorporated)
Task: {E7A91606-4BAC-48A1-A8F7-3BDDFFAD5B3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 12:22 - 2013-09-05 12:22 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-05 12:24 - 2013-09-05 12:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-05 12:24 - 2013-09-05 12:24 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-05 12:21 - 2013-09-05 12:21 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-05 12:36 - 2013-09-05 12:36 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-19 18:16 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-05-21 16:52 - 2014-05-08 10:45 - 00018944 _____ () C:\windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-09-05 12:31 - 2013-09-05 12:31 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-01-07 19:27 - 2014-12-18 17:43 - 00374840 _____ () C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2015-01-19 14:31 - 2015-01-19 14:31 - 00701952 _____ () C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.x64.dll
2015-01-09 11:33 - 2015-01-09 11:33 - 00701952 _____ () C:\ProgramData\JoniCoUponn\XxfS7S7rHKL4Xm.x64.dll
2015-01-23 11:45 - 2015-01-23 11:45 - 00699904 _____ () C:\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.x64.dll
2015-01-09 11:33 - 2015-01-09 11:33 - 00701952 _____ () C:\ProgramData\50CCoupponnS\Cc4SzTULDfiO2P.x64.dll
2015-02-12 20:07 - 2015-02-12 20:07 - 00703488 _____ () C:\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.x64.dll
2014-12-05 15:41 - 2014-12-05 15:41 - 04092928 _____ () c:\Program Files (x86)\DeltaFix\DeltaFix.dll
2014-05-27 11:32 - 2014-05-27 11:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 11:32 - 2014-05-27 11:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 11:33 - 2014-05-27 11:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 11:32 - 2014-05-27 11:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 11:33 - 2014-05-27 11:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-21 16:52 - 2014-05-08 10:45 - 00061952 _____ () C:\windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-21 16:52 - 2014-05-08 10:45 - 00016896 _____ () C:\windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-21 16:52 - 2015-02-12 19:27 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll
2013-11-30 07:15 - 2013-08-12 10:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-07 19:27 - 2014-12-18 17:43 - 36966968 _____ () C:\Users\Baillan\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-18 17:29 - 2014-12-18 17:43 - 00867896 _____ () C:\Users\Baillan\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-01-07 19:27 - 2014-12-18 17:43 - 00886840 _____ () C:\Users\Baillan\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-01-07 19:27 - 2014-12-18 17:43 - 00108600 _____ () C:\Users\Baillan\AppData\Roaming\Spotify\Data\libegl.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Baillan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-12 19:34 - 2015-02-12 19:34 - 00043008 _____ () c:\users\baillan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzuz8uz.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Baillan\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Baillan\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Baillan\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-11-30 07:18 - 2013-08-05 08:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-12 20:39 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-590913564-4252522651-4106047901-500 - Administrator - Disabled)
Baillan (S-1-5-21-590913564-4252522651-4106047901-1001 - Administrator - Enabled) => C:\Users\Baillan
Gast (S-1-5-21-590913564-4252522651-4106047901-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2015 08:38:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17416, Zeitstempel: 0x5452fe91
Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17496, Zeitstempel: 0x546ffcc5
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00000000000c7928
ID des fehlerhaften Prozesses: 0x101c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3
Vollständiger Name des fehlerhaften Pakets: iexplore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: iexplore.exe5

Error: (02/12/2015 08:31:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe, Version: 8.0.0.51, Zeitstempel: 0x5228424c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0xba8
Startzeit der fehlerhaften Anwendung: 0xOPBHOBrokerDsktop.exe0
Pfad der fehlerhaften Anwendung: OPBHOBrokerDsktop.exe1
Pfad des fehlerhaften Moduls: OPBHOBrokerDsktop.exe2
Berichtskennung: OPBHOBrokerDsktop.exe3
Vollständiger Name des fehlerhaften Pakets: OPBHOBrokerDsktop.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OPBHOBrokerDsktop.exe5

Error: (02/12/2015 08:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64265

Error: (02/12/2015 08:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 64265

Error: (02/12/2015 08:26:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2015 08:25:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1078

Error: (02/12/2015 08:25:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1078

Error: (02/12/2015 08:25:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/12/2015 07:51:50 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (02/12/2015 07:37:18 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

System errors:
=============
Error: (02/12/2015 08:37:59 PM) (Source: Schannel) (EventID: 4120) (User: 
NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (02/12/2015 08:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (02/12/2015 08:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (02/12/2015 08:24:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/12/2015 08:05:51 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (02/12/2015 08:05:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. 
Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (02/12/2015 08:05:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (02/12/2015 08:05:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252. Error: (02/12/2015 08:05:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (02/12/2015 07:27:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-10 14:17:48.450 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-02-10 14:17:48.296 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:48.152 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:47.963 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:47.788 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:47.618 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:45.155 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-02-10 14:17:44.946 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:44.588 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-10 14:17:44.323 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 74% Total physical RAM: 8097.27 MB Available physical RAM: 2088.39 MB Total Pagefile: 10388.31 MB Available Pagefile: 1370.4 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:919.25 GB) (Free:836.42 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:10.78 GB) (Free:1.32 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (AOE III DISC 1) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 72F8B2B6) Partition: GPT Partition Type. ==================== End Of Log ============================ |
13.02.2015, 07:11 | #4 |
/// the machine /// TB-Ausbilder | Windows 8.1 64-bit: Internet tabs open automatically Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
13.02.2015, 12:18 | #5 |
| Windows 8.1 64 Bit Internettabs öffnen sich automatisch Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 13.02.2015 Suchlauf-Zeit: 11:15:52 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.13.03 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Baillan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 349058 Verstrichene Zeit: 13 Min, 35 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 Trojan.FakeMS, C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe, 2020, Löschen bei Neustart, [6f88fe1f88023105d6ac0508cb3751af] PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.exe, 2868, Löschen bei Neustart, [50a752cbcdbd61d583b26afbb053d22e] PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe, 2020, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987] Module: 3 PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\mgwz.dll, Löschen bei Neustart, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987], Registrierungsschlüssel: 59 Trojan.FakeMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemUpdatekb70007, In Quarantäne, [6f88fe1f88023105d6ac0508cb3751af], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [0bec09143753e94d8393af57f310db25], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{fc6837c6-c38c-4b28-8fdf-882c27696402}, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pfc6837c6_c38c_4b28_8fdf_882c27696402_.Pfc6837c6_c38c_4b28_8fdf_882c27696402_, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pfc6837c6_c38c_4b28_8fdf_882c27696402_.Pfc6837c6_c38c_4b28_8fdf_882c27696402_.9, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pfc6837c6_c38c_4b28_8fdf_882c27696402_.Pfc6837c6_c38c_4b28_8fdf_882c27696402_, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pfc6837c6_c38c_4b28_8fdf_882c27696402_.Pfc6837c6_c38c_4b28_8fdf_882c27696402_.9, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{FC6837C6-C38C-4B28-8FDF-882C27696402}, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FC6837C6-C38C-4B28-8FDF-882C27696402}, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FC6837C6-C38C-4B28-8FDF-882C27696402}, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FC6837C6-C38C-4B28-8FDF-882C27696402}, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FC6837C6-C38C-4B28-8FDF-882C27696402}, 
In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1e96740b-33ca-4c20-94c7-24cab81638df}, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P1e96740b_33ca_4c20_94c7_24cab81638df_.P1e96740b_33ca_4c20_94c7_24cab81638df_, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P1e96740b_33ca_4c20_94c7_24cab81638df_.P1e96740b_33ca_4c20_94c7_24cab81638df_.9, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P1e96740b_33ca_4c20_94c7_24cab81638df_.P1e96740b_33ca_4c20_94c7_24cab81638df_, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P1e96740b_33ca_4c20_94c7_24cab81638df_.P1e96740b_33ca_4c20_94c7_24cab81638df_.9, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{1E96740B-33CA-4C20-94C7-24CAB81638DF}, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1E96740B-33CA-4C20-94C7-24CAB81638DF}, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1E96740B-33CA-4C20-94C7-24CAB81638DF}, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1E96740B-33CA-4C20-94C7-24CAB81638DF}, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1E96740B-33CA-4C20-94C7-24CAB81638DF}, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{142cf675-f4ff-4aed-890e-3bae7f87f6cc}, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P142cf675_f4ff_4aed_890e_3bae7f87f6cc_.P142cf675_f4ff_4aed_890e_3bae7f87f6cc_, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P142cf675_f4ff_4aed_890e_3bae7f87f6cc_.P142cf675_f4ff_4aed_890e_3bae7f87f6cc_.9, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P142cf675_f4ff_4aed_890e_3bae7f87f6cc_.P142cf675_f4ff_4aed_890e_3bae7f87f6cc_, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P142cf675_f4ff_4aed_890e_3bae7f87f6cc_.P142cf675_f4ff_4aed_890e_3bae7f87f6cc_.9, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{142CF675-F4FF-4AED-890E-3BAE7F87F6CC}, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{142CF675-F4FF-4AED-890E-3BAE7F87F6CC}, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{142CF675-F4FF-4AED-890E-3BAE7F87F6CC}, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{142CF675-F4FF-4AED-890E-3BAE7F87F6CC}, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{142CF675-F4FF-4AED-890E-3BAE7F87F6CC}, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [4fa829f4e9a145f184adb2465fa55ea2], PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [e5127da0216955e105108f0bbe45ca36], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [39be23facbbff244f215fdabbc47fc04], PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a552839a2f5b9c9af041dd1be81c6e92], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{774350ce}, In Quarantäne, [8e6970ad1e6ce551906bd1e1b1524ab6], PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}, In Quarantäne, [40b79a836822a195698a6645dd26d828], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [e017b6678604f541686d3a6d838019e7], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [ed0ab865ed9d082e1de90f99748fea16], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [2ccb44d9aedce45296a5e7b6aa590df3], PUP.Optional.Qone8, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [33c495881d6d0b2b54dc8573cf35b848], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0F19EF48-CB8C-416A-B84C-C33B02970632}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{382F6195-1B46-40D5-B9FD-0493263E6132}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DFF50D27-9859-4F50-9BE1-A4CBFA102B9D}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0F19EF48-CB8C-416A-B84C-C33B02970632}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{382F6195-1B46-40D5-B9FD-0493263E6132}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DFF50D27-9859-4F50-9BE1-A4CBFA102B9D}, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}, In Quarantäne, 
[2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.SystemUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemUpdatekb70007, In Quarantäne, [956248d58efc6bcb862a225ecf347987], Registrierungswerte: 7 PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [e017b6678604f541686d3a6d838019e7] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, amt, In Quarantäne, [ed0ab865ed9d082e1de90f99748fea16] PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [fcfbad704545c67019db812a72912cd4] PUM.Bad.Proxy, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [a354011cd1b9d561777d58539271ea16] PUM.Bad.Proxy, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [da1dbd60137788aef004466535ceaf51] PUM.Bad.Proxy, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [54a3f02d5f2bc6703abab1fa748f8d73] PUP.Optional.QuickStart.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [45b2c855602af046109f3184996a847c] Registrierungsdaten: 7 PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}, Gut: (Google), Schlecht: 
(hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}),Ersetzt,[d91e74a95832f343d6a3644ea26303fd] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, mystartsearch, Gut: (Google), Schlecht: (mystartsearch,[06f108158a00cc6a88f0a70bd92c748c] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}),Ersetzt,[e7109b82d9b13afc83f74072a164d12f] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}),Ersetzt,[7087c459c1c9e254e099e1d19a6b956b] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, mystartsearch, Gut: (Google), Schlecht: (mystartsearch,[01f6e23b8efcc571ff79e0d2da2beb15] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1417790499&from=wpc&uid=ST1000DM003-1CH162_Z1D810TL&q={searchTerms}),Ersetzt,[07f0b26b4b3ff3432d4d4d653bca8878] PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-590913564-4252522651-4106047901-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, mystartsearch, Gut: (Google), Schlecht: 
(mystartsearch,[50a7b76676148bab0774a60c947156aa] Ordner: 19 Rogue.Multiple, C:\ProgramData\3872871776, In Quarantäne, [9760ed302a603ff70dd16ed5f40fa45c], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy, Löschen bei Neustart, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [a354bc61cbbfe05683f3df89758e8d73], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [a354bc61cbbfe05683f3df89758e8d73], PUP.Optional.MultiPlug.A, C:\ProgramData\50Coupons, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, C:\ProgramData\MInimumPricce, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.SupTab.A, C:\Users\Baillan\AppData\Roaming\SupTab, In Quarantäne, [3cbbd34a93f7d75f27d6264949ba49b7], PUP.Optional.MultiPlug.A, 
C:\ProgramData\BlockIt Ad remover, In Quarantäne, [86710716c3c775c170860671cb38ef11], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987], PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals, In Quarantäne, [f8ffa974f79351e565943a4c699a738d], Dateien: 122 Trojan.FakeMS, C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe, Löschen bei Neustart, [6f88fe1f88023105d6ac0508cb3751af], PUP.Optional.MultiPlug.A, C:\ProgramData\50CCoupponnS\Cc4SzTULDfiO2P.dll, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], PUP.Optional.MultiPlug.A, C:\ProgramData\50CCoupponnS\Cc4SzTULDfiO2P.x64.dll, In Quarantäne, [6b8c8994becc94a2029db0fc5baa3bc5], Trojan.Agent, C:\ProgramData\50Coupons\WS8mcI1ZtenrIp.exe, In Quarantäne, [d81f58c595f5f73fc612798c4db54ab6], PUP.Optional.MultiPlug.A, C:\ProgramData\JoniCoUponn\XxfS7S7rHKL4Xm.dll, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, C:\ProgramData\JoniCoUponn\XxfS7S7rHKL4Xm.x64.dll, In Quarantäne, [b146d14c9feb80b64a551b91986da45c], PUP.Optional.MultiPlug.A, C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.dll, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], PUP.Optional.MultiPlug.A, C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.x64.dll, In Quarantäne, [f7004ecfd1b936009a05a10b0df8946c], Trojan.Agent, C:\ProgramData\FunDeals\MgOOqZcLFB4GU1.exe, In Quarantäne, [5f983fde98f24ee88e4ad035a65c916f], PUP.Optional.Unizeto, C:\Users\Baillan\AppData\Local\Temp\180209.exe, In Quarantäne, [1bdcb6679af01d191373e419d22f8779], PUP.Optional.Conduit.A, C:\Users\Baillan\AppData\Local\Temp\nsm2AF0.exe, In Quarantäne, [599e5bc2dfab60d6f5d400a9bf425ca4], PUP.Optional.Unizeto, C:\Users\Baillan\AppData\Local\Temp\b98a07E37Fdb.exe, In Quarantäne, [a05708155f2bd462bec8629bdf22fd03], PUP.Optional.Unizeto, C:\Users\Baillan\AppData\Local\Temp\CFC92.exe, In Quarantäne, [fff8cf4e355551e5d1b556a726db59a7], PUP.Optional.SearchProtect.A, 
C:\Users\Baillan\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [995e28f502880c2aba2c347f0df44cb4], PUP.Optional.Unizeto, C:\Users\Baillan\AppData\Local\Temp\375afac87.exe, In Quarantäne, [857249d44b3f56e0cbbb6796af529967], PUP.Optional.Unizeto, C:\Users\Baillan\AppData\Local\Temp\405D7932381d0.exe, In Quarantäne, [688fd14c8bff8fa7ff879a6315ec7c84], Trojan.FakeMS, C:\Users\Baillan\AppData\Local\Temp\MsiToExe.SetupExtension.msi, In Quarantäne, [39be2eef5238ed49a8da58b5de24669a], PUP.Optional.Unizeto, C:\Users\Baillan\AppData\Local\Temp\76F13f3201.exe, In Quarantäne, [d91e5cc1d4b60333b0d6feffce332dd3], PUP.Optional.V9.A, C:\Users\Baillan\AppData\Local\Temp\442764078\442764078.zipDir\qSE.exe, In Quarantäne, [32c589941f6b58de18121138cc346c94], PUP.Optional.Skytech.A, C:\Users\Baillan\AppData\Local\Temp\442764078\442764078.zipDir\UninstallManager.exe, In Quarantäne, [6a8d0617781271c5a298bbf247ba10f0], PUP.Optional.Bundle, C:\Users\Baillan\AppData\Local\Temp\64f81b15e9a78\temp\wpc_mystartsearch.exe, In Quarantäne, [cc2b27f62a605bdb6c4a965df40d19e7], PUP.Optional.Conduit.A, C:\Windows\Temp\nsdE7EE.exe, In Quarantäne, [01f678a517739a9c06c3c5e48e7343bd], PUP.Optional.Conduit.A, C:\Windows\Temp\nszCABC.exe, In Quarantäne, [f8ff110c7c0efe38d0f9a60360a1f709], PUP.Optional.Conduit.A, C:\Windows\Temp\nsrD88B.exe, In Quarantäne, [dc1b4bd2e3a7d56105c4614860a10bf5], PUP.Optional.Conduit.A, C:\Windows\Temp\nsnBABD.exe, In Quarantäne, [61967aa32f5b0f27b9102f7a13eed828], Trojan.FakeMS, C:\Windows\Installer\1a64af90.msi, In Quarantäne, [35c262bb0f7be353dda5000d7a88e917], PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, In Quarantäne, [4ea924f9f496a49226ed1b7f0af91ae6], PUP.Optional.InetStat.A, C:\Users\Baillan\AppData\Roaming\InetStat\inetstat.exe, In Quarantäne, [fdfa8f8ec6c480b60d46c1db5da6ef11], Rogue.Multiple, C:\ProgramData\3872871776\BITECC4.tmp, In Quarantäne, [9760ed302a603ff70dd16ed5f40fa45c], PUP.Optional.Privoxy.A, 
C:\Program Files (x86)\MSR\backup\System Update kb70007\Installer.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.InstallState, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\Newtonsoft.Json.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.config, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\SQLite.Interop.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\System.Data.SQLite.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\win32.reg, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.config, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\InstallerLibrary.dll, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], 
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\uninstall.exe, In Quarantäne, [0fe8db426d1df73f5cd89cc9cc37b24e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\AUTHORS.txt, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\config.txt, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\default.action, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\default.filter, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\LICENSE.txt, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\match-all.action, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\mgwz.dll, Löschen bei Neustart, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.exe, Löschen bei Neustart, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.log, Löschen bei Neustart, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy_uninstall.exe, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\README.txt, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\trust.txt, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.action, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.action_empty, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.filter, In 
Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.filter_old, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\p_doc.css, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\coding.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\cvs.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\documentation.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\index.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\introduction.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\newrelease.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\testing.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\webserver-update.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\configuration.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\contact.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\copyright.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\general.html, In Quarantäne, 
[50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\index.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\installation.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\misc.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\trouble.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images\files-in-use.jpg, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images\proxy_setup.jpg, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\actions-file.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\appendix.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\config.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\configuration.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\contact.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\copyright.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\files-in-use.jpg, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\filter-file.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], 
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\index.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\installation.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\introduction.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy2.jpg, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy_setup.jpg, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\p_doc.css, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\quickstart.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\seealso.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\startup.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\templates.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\whatsnew.html, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\cgi-style.css, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\connect-failed, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-local-help, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files 
(x86)\MSR\Privoxy\templates\mod-support-and-service, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-title, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-unstable-warning, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\no-such-domain, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\url-info-osd.xml, In Quarantäne, [50a752cbcdbd61d583b26afbb053d22e], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [a354bc61cbbfe05683f3df89758e8d73], PUP.Optional.MultiPlug.A, C:\ProgramData\50Coupons\WS8mcI1ZtenrIp.dat, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, C:\ProgramData\50Coupons\WS8mcI1ZtenrIp.exe, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, C:\ProgramData\50Coupons\WS8mcI1ZtenrIp.tlb, In Quarantäne, [04f38499d9b14de920671f4cd330659b], PUP.Optional.MultiPlug.A, C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.dat, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, C:\ProgramData\MInimumPricce\1aVBYdNOLOPQYO.tlb, In Quarantäne, [2bcc50cd5436b87ea32d4d21c93a9c64], PUP.Optional.MultiPlug.A, C:\ProgramData\BlockIt Ad remover\BlockIt Ad remover.exe, In Quarantäne, [86710716c3c775c170860671cb38ef11], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\Newtonsoft.Json.dll, In Quarantäne, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, 
C:\Windows\Microsoft\SystemUpdatekb70007\SQLite.Interop.dll, In Quarantäne, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\System.Data.SQLite.dll, In Quarantäne, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\win32.reg, In Quarantäne, [956248d58efc6bcb862a225ecf347987], PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe, Löschen bei Neustart, [956248d58efc6bcb862a225ecf347987], PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals\MgOOqZcLFB4GU1.dat, In Quarantäne, [f8ffa974f79351e565943a4c699a738d], PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals\MgOOqZcLFB4GU1.exe, In Quarantäne, [f8ffa974f79351e565943a4c699a738d], PUP.Optional.FunDeals.A, C:\ProgramData\FunDeals\MgOOqZcLFB4GU1.tlb, In Quarantäne, [f8ffa974f79351e565943a4c699a738d], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 13/02/2015 um 11:51:48 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-13.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Baillan - FABRICE # Gestarted von : C:\Users\Baillan\Downloads\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Registry Helper Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\ProgramData\50CCoupponnS Ordner Gelöscht : C:\ProgramData\JoniCoUponn Ordner Gelöscht : C:\ProgramData\RegullarDeallS Ordner Gelöscht : C:\ProgramData\33ee11d82600c3d4 Ordner Gelöscht : C:\ProgramData\3741947960439653332 Ordner Gelöscht : C:\Program Files (x86)\DigiSaver Ordner Gelöscht : C:\Program Files (x86)\MSR Ordner Gelöscht : C:\Program Files (x86)\AllCCheapiPricee Ordner Gelöscht : C:\windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Baillan\AppData\Local\Temp\HulaToo Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\InetStat Ordner Gelöscht : C:\Users\Baillan\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\0f@OGVH2HmiT.net Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\9@jbiIchieA.org Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\aSJ@BrfjyrQ.org Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\bFCn@5.com Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\fd@5qV0HBr9.edu Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\ifKlf@b1NI.com Ordner Gelöscht : C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\sF@OLBQQl1B.edu Ordner Gelöscht : 
C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\Zvk@kfMSKN.com Datei Gelöscht : C:\windows\SysWOW64\RegistryHelperLM.ocx ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Registry Helper] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P506cb264_010c_4600_9270_adf959277e9b_.P506cb264_010c_4600_9270_adf959277e9b_ Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P506cb264_010c_4600_9270_adf959277e9b_.P506cb264_010c_4600_9270_adf959277e9b_.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P6f8172d4_4acb_411e_abdb_976128f8f34a_.P6f8172d4_4acb_411e_abdb_976128f8f34a_ Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P6f8172d4_4acb_411e_abdb_976128f8f34a_.P6f8172d4_4acb_411e_abdb_976128f8f34a_.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{506cb264-010c-4600-9270-adf959277e9b} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6f8172d4-4acb-411e-abdb-976128f8f34a} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{506cb264-010c-4600-9270-adf959277e9b} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f8172d4-4acb-411e-abdb-976128f8f34a} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{506cb264-010c-4600-9270-adf959277e9b} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f8172d4-4acb-411e-abdb-976128f8f34a} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{506cb264-010c-4600-9270-adf959277e9b} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6f8172d4-4acb-411e-abdb-976128f8f34a} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{506cb264-010c-4600-9270-adf959277e9b} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6f8172d4-4acb-411e-abdb-976128f8f34a} Schlüssel Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699 Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] -\\ Mozilla Firefox v35.0.1 (x86 de) [wpouqvv8.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch"); [wpouqvv8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.pFmt1emycVn7vMIU.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1url.indexOf(\"acebook\")>-[...] ************************* AdwCleaner[R0].txt - [7341 Bytes] - [13/02/2015 11:50:48] AdwCleaner[S0].txt - [6764 Bytes] - [13/02/2015 11:51:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6823 Bytes] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Baillan on 13.02.2015 at 11:59:11,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Baillan\AppData\Roaming\mozilla\firefox\profiles\wpouqvv8.default\prefs.js

user_pref("extensions.OTLxbrvuaQgi2Glp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1||u
user_pref("extensions.X46DGyOvoCfnfePI.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1||u
user_pref("extensions.ZssFZOvVTgkryx4Z.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1||u
user_pref("extensions.eznk6TcDzBrG1OWS.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1||u
user_pref("extensions.nZM35iO5ULGWKesm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.rQDgpYn0U4f7Hjkt.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1||u
user_pref("extensions.rwZCWzzK0p77D3Rk.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjCHrHr4rHgFrja8rjk4rTnGpdC\")>-1||u
user_pref("extensions.rwZCWzzK0p77D3Rk.url", "hxxp://redhatlovesite.org/sync2/?q=hfZ9ofV9CShEAen0rTUGrihTB6lKDzt4okqstNtVh7n0rjnFrTa8rjn9rjn6tMFHhd9FqdwGrdkFqdn9rdCMDMlGojUMAe
Emptied folder: C:\Users\Baillan\AppData\Roaming\mozilla\firefox\profiles\wpouqvv8.default\minidumps [7 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.02.2015 at 12:00:22,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015 Ran by Baillan (administrator) on FABRICE on 13-02-2015 12:13:00 Running from C:\Users\Baillan\Downloads Loaded Profiles: Baillan (Available profiles: Baillan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Juniper Networks, Inc.) 
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Spotify Ltd) C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4464936 2014-01-24] (O&O Software GmbH) HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify] => C:\Users\Baillan\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify Web Helper] => C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Baillan\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {2bd41bf2-8396-11e3-8258-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {54db2e12-e983-11e3-826d-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {585e4dc4-f9eb-11e3-826f-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {ab4b125f-76dd-11e3-8254-806e6f6e6963} - "E:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{177DE549-9107-4370-A840-9FC4AE8BC2BE}\app_icon.ico () Startup: C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-21-590913564-4252522651-4106047901-1001] => Internet Explorer proxy is enabled. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay 
?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E858E2B0-42B3-4C6C-8171-56695B32ABF4}: [NameServer] 10.1.194.41,10.1.194.42 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default FF Homepage: about:home FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: 
@java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-maps.xml FF Extension: EPUBReader - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-13] FF Extension: WOT - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-22] FF Extension: Cliqz Beta - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\cliqz@cliqz.com.xpi [2014-09-03] FF Extension: Adblock Plus - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-22] FF Extension: OkayFreedom - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-18] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-01-10] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 774350ce; c:\Program Files (x86)\UpgraderLite\UpgraderLite.dll [1581056 2015-02-13] () [File not signed] R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-27] (Hewlett-Packard Company) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed] R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks) S4 jnprTdi_806_48695; C:\windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) U4 AdobeARMservice; No ImagePath S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 X6va019; \??\C:\windows\SysWOW64\Drivers\X6va019 [X] S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-13 12:00 - 2015-02-13 12:00 - 00002292 _____ () C:\Users\Baillan\Desktop\JRT.txt 2015-02-13 11:57 - 2015-02-13 11:57 - 01388274 _____ (Thisisu) C:\Users\Baillan\Desktop\JRT.exe 2015-02-13 11:55 - 2015-02-13 11:55 - 00006919 _____ () C:\Users\Baillan\Desktop\AdwCleaner[S0].txt 2015-02-13 11:51 - 2015-02-13 11:51 - 00000000 ____D () C:\ProgramData\Red AdBlocker 2015-02-13 11:50 - 2015-02-13 11:51 - 00000000 ____D () C:\AdwCleaner 2015-02-13 11:48 - 2015-02-13 11:48 - 02112512 _____ () C:\Users\Baillan\Downloads\AdwCleaner_4.110.exe 2015-02-13 11:39 - 2015-02-13 11:39 - 00035564 _____ () C:\Users\Baillan\Desktop\mbam.txt 2015-02-13 11:15 - 2015-02-13 11:35 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-13 11:15 - 2015-02-13 11:15 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-13 11:15 - 2015-02-13 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-13 11:15 - 2015-02-13 11:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-13 11:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-13 11:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-13 11:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-13 11:14 - 2015-02-13 11:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Baillan\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-13 11:11 - 2015-02-13 11:11 - 00000000 ____D () C:\Program Files (x86)\UpgraderLite 2015-02-13 10:52 - 2015-02-13 10:52 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Baillan\Downloads\revosetup95.exe 2015-02-13 10:52 - 2015-02-13 10:52 - 00001287 _____ () C:\Users\Baillan\Desktop\Revo Uninstaller.lnk 2015-02-13 10:52 - 2015-02-13 10:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-12 21:23 - 2015-02-12 21:23 - 02134016 _____ (Farbar) C:\Users\Baillan\Downloads\FRST64(1).exe 2015-02-12 21:20 - 2015-02-12 21:20 - 00041070 _____ () C:\Users\Baillan\Desktop\FRST.txt 2015-02-12 21:18 - 2015-02-12 21:18 - 00000476 _____ () C:\Users\Baillan\Downloads\defogger_disable.log 2015-02-12 21:18 - 2015-02-12 21:18 - 00000000 _____ () C:\Users\Baillan\defogger_reenable 2015-02-12 21:17 - 2015-02-12 21:17 - 00050477 _____ () C:\Users\Baillan\Downloads\Defogger.exe 2015-02-12 20:48 - 2015-02-12 20:50 - 00035177 _____ () C:\Users\Baillan\Downloads\Addition.txt 2015-02-12 20:45 - 2015-02-13 12:13 - 00021913 _____ () C:\Users\Baillan\Downloads\FRST.txt 2015-02-12 20:45 - 2015-02-13 12:13 - 00000000 ____D () C:\FRST 2015-02-12 20:44 - 2015-02-12 20:44 - 02134016 _____ (Farbar) C:\Users\Baillan\Downloads\FRST64.exe 2015-02-12 20:39 - 2015-02-12 20:39 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-12 20:39 - 2015-02-12 20:39 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-12 20:37 - 2015-02-12 20:37 - 00243664 _____ () C:\Users\Baillan\Downloads\Firefox Setup Stub 35.0.1.exe 2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\Program Files (x86)\Ultimate Football Results 2015-02-12 19:43 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-12 19:42 - 2015-02-12 19:42 - 00000000 __SHD () C:\Users\Baillan\AppData\Local\EmieBrowserModeList 2015-02-12 19:42 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-12 19:42 - 2015-02-04 00:08 - 00761856 
_____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-12 19:42 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-12 19:42 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll 2015-01-30 20:49 - 2015-01-30 20:49 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-16 18:17 - 2015-01-16 18:17 - 00000000 ____D () C:\ProgramData\dmphgiejllnfdeppeeplfjeekghmonbp 2015-01-16 17:45 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-16 17:45 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-16 17:45 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys 2015-01-16 17:45 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00038264 _____ (Microsoft 
Corporation) C:\windows\system32\WerFaultSecure.exe 2015-01-16 17:45 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe 2015-01-16 17:45 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll 2015-01-16 17:45 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-16 17:45 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll 2015-01-16 17:45 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe 2015-01-16 17:45 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe 2015-01-16 17:45 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2015-01-16 17:45 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe 2015-01-16 17:45 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe 2015-01-16 17:45 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll 2015-01-16 17:45 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2015-01-16 17:45 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll 2015-01-16 17:45 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll 2015-01-16 17:45 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll 2015-01-16 17:45 - 2014-10-29 02:24 - 00086016 _____ 
(Microsoft Corporation) C:\windows\system32\nlaapi.dll 2015-01-16 17:45 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-01-16 17:45 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-13 12:04 - 2014-01-06 19:22 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-590913564-4252522651-4106047901-1001 2015-02-13 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru 2015-02-13 11:57 - 2013-11-30 07:48 - 00757756 _____ () C:\windows\system32\perfh007.dat 2015-02-13 11:57 - 2013-11-30 07:48 - 00173028 _____ () C:\windows\system32\perfc007.dat 2015-02-13 11:57 - 2013-11-30 07:43 - 00790536 _____ () C:\windows\system32\perfh00C.dat 2015-02-13 11:57 - 2013-11-30 07:43 - 00173774 _____ () C:\windows\system32\perfc00C.dat 2015-02-13 11:57 - 2013-08-24 22:38 - 02749512 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-13 11:56 - 2014-11-20 18:32 - 00000000 ___RD () C:\Users\Baillan\Dropbox 2015-02-13 11:56 - 2014-01-07 19:26 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Spotify 2015-02-13 11:55 - 2014-12-18 18:14 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Steganos VPN 2015-02-13 11:55 - 2014-05-23 12:38 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Dropbox 2015-02-13 11:53 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-13 11:52 - 2013-08-24 22:32 - 00098544 _____ () C:\windows\PFRO.log 2015-02-13 11:52 - 2013-08-22 15:46 - 00041056 _____ () C:\windows\setupact.log 2015-02-13 11:49 - 2014-04-07 20:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-13 11:43 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF 2015-02-13 11:30 - 2014-01-06 15:23 - 01952089 _____ () C:\windows\WindowsUpdate.log 2015-02-13 
11:30 - 2013-08-22 15:45 - 00000000 ____D () C:\windows\Setup 2015-02-13 11:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2015-02-13 11:07 - 2013-08-22 15:44 - 00493336 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-13 11:04 - 2014-12-13 21:20 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-13 11:04 - 2014-07-10 19:38 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-13 11:01 - 2014-01-09 17:41 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-13 11:01 - 2014-01-09 17:41 - 00000000 ____D () C:\windows\system32\MRT 2015-02-13 11:01 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp 2015-02-13 10:58 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness 2015-02-13 10:51 - 2014-11-20 18:32 - 00001042 _____ () C:\Users\Baillan\Desktop\Dropbox.lnk 2015-02-13 10:51 - 2014-11-20 18:31 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-13 10:50 - 2014-01-06 15:25 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{514AC32F-7C86-4F8E-9FD7-95E995D82BD2} 2015-02-12 21:18 - 2014-01-06 15:23 - 00000000 ____D () C:\Users\Baillan 2015-02-12 21:07 - 2014-12-05 15:39 - 00000000 ____D () C:\Users\Baillan\AppData\Local\CrashDumps 2015-02-12 20:42 - 2014-01-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-12 19:43 - 2014-01-06 20:29 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-12 19:42 - 2014-01-06 20:29 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Google 2015-02-12 19:36 - 2014-04-07 20:37 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-12 19:34 - 2014-01-07 19:27 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Spotify 2015-01-19 22:32 - 2014-12-16 20:39 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-19 22:32 - 2014-12-16 20:39 - 00106976 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-01-06 21:21 - 2014-01-06 21:43 - 0007611 _____ () C:\Users\Baillan\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Baillan\AppData\Local\Temp\ANPDApi.dll C:\Users\Baillan\AppData\Local\Temp\aoe3-114-german.exe C:\Users\Baillan\AppData\Local\Temp\downloader.dll C:\Users\Baillan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpglttlh.dll C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100088.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100096.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100106.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100112.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe C:\Users\Baillan\AppData\Local\Temp\i4jdel0.exe C:\Users\Baillan\AppData\Local\Temp\install_flashplayer14x32au_mssa_aaa_aih.exe C:\Users\Baillan\AppData\Local\Temp\OfficeSetup.exe C:\Users\Baillan\AppData\Local\Temp\Quarantine.exe C:\Users\Baillan\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_23a9c498-5d82-48d5-810f-64a3d8f7304f_TX_DB_.exe C:\Users\Baillan\AppData\Local\Temp\sqlite3.dll C:\Users\Baillan\AppData\Local\Temp\standalonepatcher.exe C:\Users\Baillan\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-05-20 16:26 ==================== End Of Log ============================ --- --- --- |
13.02.2015, 20:24 | #6 |
/// the machine /// TB trainer | Windows 8.1 64-bit: Internet tabs open automatically ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Windows 8.1 64-bit: Internet tabs open automatically |
15.02.2015, 13:43 | #7 |
| Windows 8.1 64 Bit Internettabs öffnen sich automatisch ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=636751be54b0be42865c5ad9cdaef462 # engine=22476 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-14 11:20:23 # local_time=2015-02-15 12:20:23 (+0100, Mitteleuropäische Zeit) # country="Switzerland" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 131338 14260342 0 0 # scanned=191981 # found=30 # cleaned=0 # scan_time=9385 sh=8E93740966BA73F797D44E06261D90B433A2ACBD ft=1 fh=c71c0011e74117ce vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.dll.vir" sh=B5C30C332F71692D05F5A163332028E9E3B59176 ft=1 fh=e5f2212712c4a9c8 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.x64.dll.vir" sh=6B621B4CA688AFA20EAAAA9AF0DDC313B2362FB0 ft=1 fh=c71c00111f879ee5 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.dll.vir" sh=6846423A48F90C458C16DEFE7E9D92EC51D49B46 ft=1 fh=8ed56cb48584d8c3 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.x64.dll.vir" sh=E791C9164A4F17FDA4F55442945346462FA1CA23 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\0f@OGVH2HmiT.net\content\bg.js.vir" sh=8014612FE4E86AFDA37999954AC8207AFE6BF807 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\9@jbiIchieA.org\content\bg.js.vir" sh=2B089A469713E65BB5B1E8601734669BE0667166 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\aSJ@BrfjyrQ.org\content\bg.js.vir" sh=1DCE1163222BB4CFDE41C543011F9D56338009D4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\bFCn@5.com\content\bg.js.vir" sh=93D10F53BA2E23A2E681A417D2AB4E56F26A61E7 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\fd@5qV0HBr9.edu\content\bg.js.vir" sh=BAB2943DD7FA41813A7C844026DF3B05D38CF1DF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\ifKlf@b1NI.com\content\bg.js.vir" sh=AED27064B2B28568C80025400C92ADB068FC279B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\sF@OLBQQl1B.edu\content\bg.js.vir" sh=61A3881BFDFB5175F2A6E6FD537E5A5B3A1CCC3B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\Zvk@kfMSKN.com\content\bg.js.vir" sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe" sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="Variante von Win32/Systweak.N evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll" sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe" sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe" sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe" sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe" sh=B8ED6D5A4537284C2C2F35C7236E57C50866592F ft=1 fh=c71c001130b855cf vn="Variante von Win32/SProtector.O evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\UpgraderLite\UpgraderLite.dll" sh=C2DAA9DDB3B35DD8DABBACE53020A1A4A785E1D5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\dmphgiejllnfdeppeeplfjeekghmonbp\DApwbyD.js" sh=C70EB0EAC781E2374971AEA93EB27899D173D016 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\pjigibplibdclndolkajhcookogbpjgh\apgk.js" sh=C2DAA9DDB3B35DD8DABBACE53020A1A4A785E1D5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\dmphgiejllnfdeppeeplfjeekghmonbp\DApwbyD.js" sh=C70EB0EAC781E2374971AEA93EB27899D173D016 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\pjigibplibdclndolkajhcookogbpjgh\apgk.js" sh=1BFA179C7DBDA181CE8ED124BEB4091574B7C9B3 ft=1 fh=c71c00111fb72831 vn="Variante von Win32/Adware.MultiPlug.DX Anwendung" ac=I fn="C:\Users\Baillan\AppData\Local\Temp\64f81b15e9a78\temp\putfu.exe" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Baillan\AppData\Local\Temp\DMR\dmr_72.exe" sh=FB3F2E77CEBDC706721E75B695039B232B19A48E ft=1 fh=2d5664f1815eeba5 vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Baillan\AppData\Local\Temp\is-0QCB8.tmp\OptProCrash.dll" sh=137A70A2E9217F23D70CF25D956D6D2F1C70ADCC ft=1 fh=a349b983a7c2545e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Baillan\Downloads\Calibre 32 Bit - CHIP-Installer.exe" sh=49ACAFACAAC62A745E69D71A58CC9453C41B15D0 ft=1 fh=b98f31ba52914450 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Baillan\Downloads\UBCD4WinV360.exe" sh=F661D5984279F8E188AFCBF3A07938F4B0305622 ft=1 fh=7d031498b8c1af67 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Baillan\Downloads\Windows Defender - CHIP-Installer.exe" sh=759443A17F389C99E242C3D223C5673099E6ECC7 ft=1 fh=acbe0709ebfea47e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Baillan\Downloads\Windows_KB890830_x86_V5.19 - CHIP-Installer.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=636751be54b0be42865c5ad9cdaef462 # engine=22479 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-15 11:51:11 # local_time=2015-02-15 12:51:11 (+0100, Mitteleuropäische Zeit) # country="Switzerland" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 172786 14305390 0 0 # scanned=250731 # found=30 # cleaned=28 # scan_time=10555 sh=C2DAA9DDB3B35DD8DABBACE53020A1A4A785E1D5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\dmphgiejllnfdeppeeplfjeekghmonbp\DApwbyD.js" sh=C70EB0EAC781E2374971AEA93EB27899D173D016 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\pjigibplibdclndolkajhcookogbpjgh\apgk.js" sh=8E93740966BA73F797D44E06261D90B433A2ACBD ft=1 fh=c71c0011e74117ce vn="Variante von Win32/Adware.MultiPlug.EG Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.dll.vir" sh=B5C30C332F71692D05F5A163332028E9E3B59176 ft=1 fh=e5f2212712c4a9c8 vn="Variante von Win64/Adware.MultiPlug.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AllCCheapiPricee\Zi7e9JawKNfkw7.x64.dll.vir" sh=6B621B4CA688AFA20EAAAA9AF0DDC313B2362FB0 ft=1 fh=c71c00111f879ee5 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung (Gesäubert durch 
Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.dll.vir" sh=6846423A48F90C458C16DEFE7E9D92EC51D49B46 ft=1 fh=8ed56cb48584d8c3 vn="Variante von Win64/Adware.MultiPlug.F Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\RegullarDeallS\mTj1RFhjJfaNDy.x64.dll.vir" sh=E791C9164A4F17FDA4F55442945346462FA1CA23 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\0f@OGVH2HmiT.net\content\bg.js.vir" sh=8014612FE4E86AFDA37999954AC8207AFE6BF807 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\9@jbiIchieA.org\content\bg.js.vir" sh=2B089A469713E65BB5B1E8601734669BE0667166 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\aSJ@BrfjyrQ.org\content\bg.js.vir" sh=1DCE1163222BB4CFDE41C543011F9D56338009D4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\bFCn@5.com\content\bg.js.vir" sh=93D10F53BA2E23A2E681A417D2AB4E56F26A61E7 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\fd@5qV0HBr9.edu\content\bg.js.vir" sh=BAB2943DD7FA41813A7C844026DF3B05D38CF1DF ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert 
durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\ifKlf@b1NI.com\content\bg.js.vir" sh=AED27064B2B28568C80025400C92ADB068FC279B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\sF@OLBQQl1B.edu\content\bg.js.vir" sh=61A3881BFDFB5175F2A6E6FD537E5A5B3A1CCC3B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\Zvk@kfMSKN.com\content\bg.js.vir" sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe" sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="Variante von Win32/Systweak.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll" sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe" sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe" sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="Variante von Win32/Systweak.L evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe" sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe" sh=B8ED6D5A4537284C2C2F35C7236E57C50866592F ft=1 fh=c71c001130b855cf vn="Variante von Win32/SProtector.O evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\UpgraderLite\UpgraderLite.dll" sh=C2DAA9DDB3B35DD8DABBACE53020A1A4A785E1D5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\dmphgiejllnfdeppeeplfjeekghmonbp\DApwbyD.js" sh=C70EB0EAC781E2374971AEA93EB27899D173D016 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\pjigibplibdclndolkajhcookogbpjgh\apgk.js" sh=1BFA179C7DBDA181CE8ED124BEB4091574B7C9B3 ft=1 fh=c71c00111fb72831 vn="Variante von Win32/Adware.MultiPlug.DX Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\AppData\Local\Temp\64f81b15e9a78\temp\putfu.exe" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\AppData\Local\Temp\DMR\dmr_72.exe" sh=FB3F2E77CEBDC706721E75B695039B232B19A48E ft=1 fh=2d5664f1815eeba5 vn="Variante von Win32/SProtector.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\AppData\Local\Temp\is-0QCB8.tmp\OptProCrash.dll" sh=137A70A2E9217F23D70CF25D956D6D2F1C70ADCC ft=1 fh=a349b983a7c2545e vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\Downloads\Calibre 32 Bit - CHIP-Installer.exe" sh=49ACAFACAAC62A745E69D71A58CC9453C41B15D0 ft=1 fh=b98f31ba52914450 vn="Variante von Win32/Toolbar.Conduit.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\Downloads\UBCD4WinV360.exe" sh=F661D5984279F8E188AFCBF3A07938F4B0305622 ft=1 fh=7d031498b8c1af67 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\Downloads\Windows Defender - CHIP-Installer.exe" sh=759443A17F389C99E242C3D223C5673099E6ECC7 ft=1 fh=acbe0709ebfea47e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Baillan\Downloads\Windows_KB890830_x86_V5.19 - CHIP-Installer.exe"
Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader XI Mozilla Firefox (35.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015 Ran by Baillan (administrator) on FABRICE on 15-02-2015 13:42:37 Running from C:\Users\Baillan\Downloads Loaded Profiles: Baillan (Available profiles: Baillan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Spotify Ltd) C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4464936 2014-01-24] (O&O Software GmbH) HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify] => C:\Users\Baillan\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify Web Helper] => C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Baillan\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {2bd41bf2-8396-11e3-8258-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {54db2e12-e983-11e3-826d-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {585e4dc4-f9eb-11e3-826f-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {ab4b125f-76dd-11e3-8254-806e6f6e6963} - "E:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{177DE549-9107-4370-A840-9FC4AE8BC2BE}\app_icon.ico () Startup: C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled. ProxyEnable: [S-1-5-21-590913564-4252522651-4106047901-1001] => Internet Explorer proxy is enabled. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay 
?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default FF Homepage: about:home FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 8118 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 8118 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) 
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-maps.xml FF Extension: EPUBReader - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-13] FF Extension: WOT - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-22] FF Extension: Cliqz Beta - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\cliqz@cliqz.com.xpi [2014-09-03] FF Extension: Adblock Plus - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-22] FF Extension: OkayFreedom - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-18] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-01-10] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-27] (Hewlett-Packard Company) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed] R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) 
[File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 774350ce; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\UpgraderLite\UpgraderLite.dll",serv ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks) S4 jnprTdi_806_48695; C:\windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.) 
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) U4 AdobeARMservice; No ImagePath S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 X6va019; \??\C:\windows\SysWOW64\Drivers\X6va019 [X] S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 13:42 - 2015-02-15 13:42 - 00000000 ____D () C:\Users\Baillan\Downloads\FRST-OlderVersion 2015-02-15 13:36 - 2015-02-15 13:36 - 00852594 _____ () C:\Users\Baillan\Downloads\SecurityCheck.exe 2015-02-14 21:41 - 2015-02-14 21:41 - 02347384 _____ (ESET) C:\Users\Baillan\Downloads\esetsmartinstaller_deu.exe 2015-02-13 11:57 - 2015-02-13 11:57 - 01388274 _____ (Thisisu) C:\Users\Baillan\Desktop\JRT.exe 2015-02-13 11:51 - 2015-02-13 11:51 - 00000000 ____D () C:\ProgramData\Red AdBlocker 2015-02-13 11:50 - 2015-02-13 11:51 - 00000000 ____D () C:\AdwCleaner 2015-02-13 11:48 - 2015-02-13 11:48 - 02112512 _____ () C:\Users\Baillan\Downloads\AdwCleaner_4.110.exe 2015-02-13 11:15 - 2015-02-13 11:35 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-13 11:15 - 2015-02-13 11:15 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-13 11:15 - 2015-02-13 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-13 11:15 - 2015-02-13 11:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-13 11:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) 
C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-13 11:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-13 11:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-13 11:14 - 2015-02-13 11:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Baillan\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-13 11:11 - 2015-02-15 11:05 - 00000000 ____D () C:\Program Files (x86)\UpgraderLite 2015-02-13 10:52 - 2015-02-13 10:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Baillan\Downloads\revosetup95.exe 2015-02-13 10:52 - 2015-02-13 10:52 - 00001287 _____ () C:\Users\Baillan\Desktop\Revo Uninstaller.lnk 2015-02-13 10:52 - 2015-02-13 10:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-12 21:18 - 2015-02-12 21:18 - 00000476 _____ () C:\Users\Baillan\Downloads\defogger_disable.log 2015-02-12 21:18 - 2015-02-12 21:18 - 00000000 _____ () C:\Users\Baillan\defogger_reenable 2015-02-12 21:17 - 2015-02-12 21:17 - 00050477 _____ () C:\Users\Baillan\Downloads\Defogger.exe 2015-02-12 20:48 - 2015-02-12 20:50 - 00035177 _____ () C:\Users\Baillan\Downloads\Addition.txt 2015-02-12 20:45 - 2015-02-15 13:42 - 00021672 _____ () C:\Users\Baillan\Downloads\FRST.txt 2015-02-12 20:45 - 2015-02-15 13:42 - 00000000 ____D () C:\FRST 2015-02-12 20:44 - 2015-02-15 13:42 - 02134528 _____ (Farbar) C:\Users\Baillan\Downloads\FRST64.exe 2015-02-12 20:39 - 2015-02-12 20:39 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-12 20:39 - 2015-02-12 20:39 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-12 20:37 - 2015-02-12 20:37 - 00243664 _____ () C:\Users\Baillan\Downloads\Firefox Setup Stub 35.0.1.exe 2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\Program Files (x86)\Ultimate 
Football Results 2015-02-12 19:43 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-12 19:43 - 2014-12-09 00:12 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml 2015-02-12 19:42 - 2015-02-12 19:42 - 00000000 __SHD () C:\Users\Baillan\AppData\Local\EmieBrowserModeList 2015-02-12 19:42 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-12 19:42 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-12 19:42 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-12 19:42 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll 2015-01-30 20:49 - 2015-01-30 20:49 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-16 18:17 - 2015-02-15 11:05 - 00000000 ____D () C:\ProgramData\dmphgiejllnfdeppeeplfjeekghmonbp 2015-01-16 17:45 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-16 17:45 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-16 17:45 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys 2015-01-16 17:45 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2015-01-16 17:45 - 
2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe 2015-01-16 17:45 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe 2015-01-16 17:45 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll 2015-01-16 17:45 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-16 17:45 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll 2015-01-16 17:45 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe 2015-01-16 17:45 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe 2015-01-16 17:45 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2015-01-16 17:45 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe 2015-01-16 17:45 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe 2015-01-16 17:45 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll 2015-01-16 17:45 - 2014-10-29 
04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2015-01-16 17:45 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll 2015-01-16 17:45 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll 2015-01-16 17:45 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll 2015-01-16 17:45 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll 2015-01-16 17:45 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-01-16 17:45 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-15 13:40 - 2014-01-06 15:23 - 01173825 _____ () C:\windows\WindowsUpdate.log 2015-02-15 13:38 - 2014-01-06 20:30 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Notepad++ 2015-02-15 12:50 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru 2015-02-15 11:05 - 2014-12-05 15:39 - 00000000 ____D () C:\ProgramData\pjigibplibdclndolkajhcookogbpjgh 2015-02-15 10:49 - 2014-04-07 20:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-15 10:47 - 2014-11-20 18:32 - 00000000 ___RD () C:\Users\Baillan\Dropbox 2015-02-15 10:47 - 2014-01-07 19:26 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Spotify 2015-02-15 09:57 - 2014-01-06 15:25 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{514AC32F-7C86-4F8E-9FD7-95E995D82BD2} 2015-02-15 09:54 - 2014-12-18 18:14 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Steganos VPN 2015-02-15 09:54 - 2014-05-23 12:38 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Dropbox 2015-02-14 21:39 - 2014-01-07 19:27 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Spotify 2015-02-13 
12:50 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp 2015-02-13 12:31 - 2014-06-18 19:13 - 00000000 ____D () C:\windows\System32\Tasks\Games 2015-02-13 12:31 - 2014-01-06 19:22 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-590913564-4252522651-4106047901-1001 2015-02-13 11:57 - 2013-11-30 07:48 - 00757756 _____ () C:\windows\system32\perfh007.dat 2015-02-13 11:57 - 2013-11-30 07:48 - 00173028 _____ () C:\windows\system32\perfc007.dat 2015-02-13 11:57 - 2013-11-30 07:43 - 00790536 _____ () C:\windows\system32\perfh00C.dat 2015-02-13 11:57 - 2013-11-30 07:43 - 00173774 _____ () C:\windows\system32\perfc00C.dat 2015-02-13 11:57 - 2013-08-24 22:38 - 02749512 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-13 11:53 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-13 11:52 - 2013-08-24 22:32 - 00098544 _____ () C:\windows\PFRO.log 2015-02-13 11:52 - 2013-08-22 15:46 - 00041056 _____ () C:\windows\setupact.log 2015-02-13 11:43 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF 2015-02-13 11:30 - 2013-08-22 15:45 - 00000000 ____D () C:\windows\Setup 2015-02-13 11:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2015-02-13 11:07 - 2013-08-22 15:44 - 00493336 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-13 11:04 - 2014-12-13 21:20 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-13 11:04 - 2014-07-10 19:38 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-13 11:04 - 2014-01-09 17:41 - 00000000 ____D () C:\windows\system32\MRT 2015-02-13 11:01 - 2014-01-09 17:41 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-13 10:58 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness 2015-02-13 10:51 - 2014-11-20 18:32 - 00001042 _____ () C:\Users\Baillan\Desktop\Dropbox.lnk 2015-02-13 10:51 - 2014-11-20 18:31 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 
2015-02-12 21:18 - 2014-01-06 15:23 - 00000000 ____D () C:\Users\Baillan 2015-02-12 21:07 - 2014-12-05 15:39 - 00000000 ____D () C:\Users\Baillan\AppData\Local\CrashDumps 2015-02-12 20:42 - 2014-01-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-12 19:43 - 2014-01-06 20:29 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-12 19:42 - 2014-01-06 20:29 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Google 2015-02-12 19:36 - 2014-04-07 20:37 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-12-16 20:39 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-12-16 20:39 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2014-01-06 21:21 - 2014-01-06 21:43 - 0007611 _____ () C:\Users\Baillan\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Baillan\AppData\Local\Temp\ANPDApi.dll C:\Users\Baillan\AppData\Local\Temp\aoe3-114-german.exe C:\Users\Baillan\AppData\Local\Temp\downloader.dll C:\Users\Baillan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpanky5z.dll C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100088.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100096.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100106.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100112.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100126.exe C:\Users\Baillan\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe C:\Users\Baillan\AppData\Local\Temp\i4jdel0.exe C:\Users\Baillan\AppData\Local\Temp\install_flashplayer14x32au_mssa_aaa_aih.exe C:\Users\Baillan\AppData\Local\Temp\OfficeSetup.exe C:\Users\Baillan\AppData\Local\Temp\Quarantine.exe 
C:\Users\Baillan\AppData\Local\Temp\Setup.X86.de-DE_O365HomePremRetail_23a9c498-5d82-48d5-810f-64a3d8f7304f_TX_DB_.exe C:\Users\Baillan\AppData\Local\Temp\sqlite3.dll C:\Users\Baillan\AppData\Local\Temp\standalonepatcher.exe C:\Users\Baillan\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 12:31 ==================== End Of Log ============================ --- --- --- |
15.02.2015, 19:23 | #8 |
/// the machine /// TB trainer | Windows 8.1 64-bit: Internet tabs open automatically Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-21-590913564-4252522651-4106047901-1001] => Internet Explorer proxy is enabled.
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
S2 774350ce; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\UpgraderLite\UpgraderLite.dll",serv
c:\Program Files (x86)\UpgraderLite
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
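The entries picked out for the fixlist above share a few traits that can be checked mechanically. The following triage sketch is an added example, not part of the thread and not FRST's own logic: the line format is inferred from the log lines quoted here, the sample lines are copied from those logs, and the heuristics, weights and threshold are assumptions chosen for illustration.

```python
import re
from ntpath import basename

# Entries copied from the FRST output quoted in this thread, one per line.
SAMPLE_LOG = r'''
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 774350ce; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\UpgraderLite\UpgraderLite.dll",serv
S3 X6va019; \??\C:\windows\SysWOW64\Drivers\X6va019 [X]
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF Homepage: about:home
'''

# "<state letter><start digit> <name>; <image path> [size date] (company) [flags]"
SERVICE_RE = re.compile(r'^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.+)$')
REST_RE = re.compile(
    r'^(?P<image>.*?)'
    r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*?)\))?'
    r'(?P<flags>(?: \[[^\]]+\])*)$')
FF_PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", "?(?P<value>[^"]+)"?$')
IE_PROXY_RE = re.compile(r'^ProxyEnable: \[(?P<hive>[^\]]+)\] => ')
LOOPBACK = {'127.0.0.1', 'localhost', '::1'}


def parse_service(line):
    """Split one Services/Drivers entry into fields; None if the line is not one."""
    head = SERVICE_RE.match(line)
    if not head:
        return None
    rest = REST_RE.match(head['rest'])
    image = rest['image']
    quoted = re.match(r'"([^"]+)"', image)  # a quoted first token is the host process
    return {
        'name': head['name'],
        'state': head['state'],
        'start': int(head['start']),
        'image': image,
        'host': basename(quoted.group(1) if quoted else image).lower(),
        'size': int(rest['size']) if rest['size'] else None,
        'company': rest['company'],  # None when FRST printed no file metadata
        'flags': re.findall(r'\[[^\]]+\]', rest['flags']),
    }


def score_service(svc):
    """Assumed weights: a single weak signal (e.g. unsigned) stays below the threshold."""
    reasons = []
    if svc['host'] == 'rundll32.exe':
        reasons.append((3, 'service image is rundll32.exe loading a DLL'))
    if re.fullmatch(r'[0-9a-f]{8}', svc['name']):
        reasons.append((2, 'service name is eight hex digits'))
    if '[X]' in svc['flags']:  # FRST's marker for a file it could not find
        reasons.append((1, 'file not found on disk'))
    if '[File not signed]' in svc['flags']:
        reasons.append((1, 'file not signed'))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def triage(log, threshold=3):
    """Return services at or above the threshold plus any proxy redirection found."""
    services, ff, hives = [], {}, []
    for line in (raw.strip() for raw in log.splitlines()):
        svc = parse_service(line)
        if svc:
            score, reasons = score_service(svc)
            if score >= threshold:
                services.append({'name': svc['name'], 'score': score, 'reasons': reasons})
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            ff[m['key']] = m['value']
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            hives.append(m['hive'])
    # Pair each Firefox proxy host with its "<scheme>_port" entry when the host is loopback.
    loopback = {k: f"{v}:{ff.get(k + '_port', '?')}" for k, v in ff.items()
                if not k.endswith('_port') and v in LOOPBACK}
    return {'services': services, 'loopback_proxy': loopback, 'ie_proxy_hives': hives}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for svc in report['services']:
        print(svc['name'], svc['score'], '; '.join(svc['reasons']))
    print('Firefox loopback proxy:', report['loopback_proxy'])
    print('IE proxy enabled in hives:', report['ie_proxy_hives'])
```

A hit is a reason to inspect the entry by hand, not a verdict; the unsigned HTC service and the missing X6va019 driver score 1 each and stay below the threshold.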
15.02.2015, 22:32 | #9 |
| Windows 8.1 64-bit: Internet tabs open automatically
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Baillan at 2015-02-15 22:20:42 Run:1
Running from C:\Users\Baillan\Downloads
Loaded Profiles: Baillan (Available profiles: Baillan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-21-590913564-4252522651-4106047901-1001] => Internet Explorer proxy is enabled.
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
S2 774350ce; "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\UpgraderLite\UpgraderLite.dll",serv
c:\Program Files (x86)\UpgraderLite
Emptytemp:
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
774350ce => Service deleted successfully.
c:\Program Files (x86)\UpgraderLite => Moved successfully.
EmptyTemp: => Removed 721 MB temporary data.
The system needed a reboot.
==== End of Fixlog 22:20:59 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Baillan (administrator) on FABRICE on 15-02-2015 22:29:20 Running from C:\Users\Baillan\Downloads Loaded Profiles: Baillan (Available profiles: Baillan) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Juniper Networks, Inc.) 
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (Spotify Ltd) C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe (Dropbox, Inc.) C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.) HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4464936 2014-01-24] (O&O Software GmbH) HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify] => C:\Users\Baillan\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Spotify Web Helper] => C:\Users\Baillan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Baillan\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [4946856 2014-10-16] (Steganos Software GmbH) HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {2bd41bf2-8396-11e3-8258-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {54db2e12-e983-11e3-826d-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {585e4dc4-f9eb-11e3-826f-54bef74f7c89} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\MountPoints2: {ab4b125f-76dd-11e3-8254-806e6f6e6963} - "E:\autorun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\O&O Defrag Tray.lnk ShortcutTarget: O&O Defrag Tray.lnk -> C:\Windows\Installer\{177DE549-9107-4370-A840-9FC4AE8BC2BE}\app_icon.ico () Startup: C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Baillan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Baillan\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-590913564-4252522651-4106047901-1001\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D0D47F25-6374-4494-8CA7-512B3CF18D5A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-590913564-4252522651-4106047901-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\searchplugins\google-maps.xml FF Extension: EPUBReader - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-13] FF Extension: WOT - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-22] FF Extension: Cliqz Beta - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\cliqz@cliqz.com.xpi [2014-09-03] FF Extension: Adblock Plus - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-22] FF Extension: OkayFreedom - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-18] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-01-10] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-590913564-4252522651-4106047901-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Baillan\AppData\Roaming\Mozilla\Firefox\Profiles\wpouqvv8.default\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed] R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink) R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-27] (Hewlett-Packard Company) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[File not signed] R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [321976 2014-10-16] (Steganos Software GmbH) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed] R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1657128 2014-01-24] (O&O Software GmbH) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-24] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2010-05-29] () R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-07-08] (Juniper Networks) S4 jnprTdi_806_48695; C:\windows\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-07-08] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-07-08] (Juniper Networks, Inc.) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) U4 AdobeARMservice; No ImagePath S3 RSUSBSTOR; \SystemRoot\System32\Drivers\RtsUStor.sys [X] S3 X6va019; \??\C:\windows\SysWOW64\Drivers\X6va019 [X] S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-15 13:42 - 2015-02-15 22:20 - 00000000 ____D () C:\Users\Baillan\Downloads\FRST-OlderVersion 2015-02-15 13:36 - 2015-02-15 13:36 - 00852594 _____ () C:\Users\Baillan\Downloads\SecurityCheck.exe 2015-02-14 21:41 - 2015-02-14 21:41 - 02347384 _____ (ESET) C:\Users\Baillan\Downloads\esetsmartinstaller_deu.exe 2015-02-13 11:57 - 2015-02-13 11:57 - 01388274 _____ (Thisisu) C:\Users\Baillan\Desktop\JRT.exe 2015-02-13 11:51 - 2015-02-13 11:51 - 00000000 ____D () C:\ProgramData\Red AdBlocker 2015-02-13 11:50 - 2015-02-13 11:51 - 00000000 ____D () C:\AdwCleaner 2015-02-13 11:48 - 2015-02-13 11:48 - 02112512 _____ () C:\Users\Baillan\Downloads\AdwCleaner_4.110.exe 2015-02-13 11:15 - 2015-02-13 11:35 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-13 11:15 - 2015-02-13 11:15 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-13 11:15 - 2015-02-13 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-13 11:15 - 2015-02-13 11:15 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-13 11:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-02-13 11:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-02-13 11:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-02-13 11:14 - 2015-02-13 11:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Baillan\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-13 10:52 - 2015-02-13 10:52 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Baillan\Downloads\revosetup95.exe 2015-02-13 10:52 - 2015-02-13 10:52 - 00001287 _____ () C:\Users\Baillan\Desktop\Revo Uninstaller.lnk 2015-02-13 10:52 - 2015-02-13 10:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-12 21:18 - 2015-02-12 21:18 - 00000476 _____ () C:\Users\Baillan\Downloads\defogger_disable.log 2015-02-12 21:18 - 2015-02-12 21:18 - 00000000 _____ () C:\Users\Baillan\defogger_reenable 2015-02-12 21:17 - 2015-02-12 21:17 - 00050477 _____ () C:\Users\Baillan\Downloads\Defogger.exe 2015-02-12 20:48 - 2015-02-12 20:50 - 00035177 _____ () C:\Users\Baillan\Downloads\Addition.txt 2015-02-12 20:45 - 2015-02-15 22:29 - 00021467 _____ () C:\Users\Baillan\Downloads\FRST.txt 2015-02-12 20:45 - 2015-02-15 22:29 - 00000000 ____D () C:\FRST 2015-02-12 20:44 - 2015-02-15 22:20 - 02085888 _____ (Farbar) C:\Users\Baillan\Downloads\FRST64.exe 2015-02-12 20:39 - 2015-02-12 20:39 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-12 20:39 - 2015-02-12 20:39 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-12 20:39 - 2015-02-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-12 20:37 - 2015-02-12 20:37 - 00243664 _____ () C:\Users\Baillan\Downloads\Firefox Setup Stub 35.0.1.exe 2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\Program Files (x86)\Ultimate Football Results 2015-02-12 19:44 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-02-12 19:44 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-02-12 19:44 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2015-02-12 19:44 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2015-02-12 19:44 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 
2015-02-12 19:44 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-02-12 19:44 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2015-02-12 19:44 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2015-02-12 19:44 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-02-12 19:43 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2015-02-12 19:43 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2015-02-12 19:43 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-02-12 19:43 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2015-02-12 19:43 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-02-12 19:43 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-02-12 19:43 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-02-12 19:43 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-02-12 19:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2015-02-12 19:43 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-02-12 19:43 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2015-02-12 19:43 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-02-12 19:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2015-02-12 19:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2015-02-12 
19:43 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2015-02-12 19:43 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2015-02-12 19:43 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2015-02-12 19:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-02-12 19:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-02-12 19:43 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-02-12 19:43 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-02-12 19:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2015-02-12 19:43 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-02-12 19:43 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2015-02-12 19:43 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2015-02-12 19:43 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2015-02-12 19:43 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll 2015-02-12 19:43 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-02-12 19:43 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2015-02-12 19:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2015-02-12 19:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2015-02-12 19:43 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2015-02-12 19:43 - 2015-01-12 02:14 - 
12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2015-02-12 19:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-02-12 19:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-02-12 19:43 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2015-02-12 19:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2015-02-12 19:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2015-02-12 19:43 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-02-12 19:43 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-02-12 19:43 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2015-02-12 19:43 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-02-12 19:43 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-02-12 19:43 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2015-02-12 19:43 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2015-02-12 19:43 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2015-02-12 19:43 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll 2015-02-12 19:43 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-02-12 19:43 - 2014-12-09 00:12 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml 2015-02-12 19:43 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2015-02-12 19:43 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) 
C:\windows\system32\wow64cpu.dll 2015-02-12 19:43 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2015-02-12 19:43 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2015-02-12 19:43 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2015-02-12 19:43 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2015-02-12 19:43 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2015-02-12 19:43 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2015-02-12 19:42 - 2015-02-12 19:42 - 00000000 __SHD () C:\Users\Baillan\AppData\Local\EmieBrowserModeList 2015-02-12 19:42 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2015-02-12 19:42 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2015-02-12 19:42 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2015-02-12 19:42 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2015-02-12 19:42 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll 2015-01-30 20:49 - 2015-01-30 20:49 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-16 18:17 - 2015-02-15 11:05 - 00000000 ____D () C:\ProgramData\dmphgiejllnfdeppeeplfjeekghmonbp 2015-01-16 17:45 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-16 17:45 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) 
C:\windows\system32\TSWbPrxy.exe 2015-01-16 17:45 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys 2015-01-16 17:45 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-01-16 17:45 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe 2015-01-16 17:45 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe 2015-01-16 17:45 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll 2015-01-16 17:45 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-16 17:45 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll 2015-01-16 17:45 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe 2015-01-16 17:45 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe 2015-01-16 17:45 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) 
C:\windows\system32\AUDIOKSE.dll 2015-01-16 17:45 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2015-01-16 17:45 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe 2015-01-16 17:45 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe 2015-01-16 17:45 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll 2015-01-16 17:45 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2015-01-16 17:45 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll 2015-01-16 17:45 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll 2015-01-16 17:45 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll 2015-01-16 17:45 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll 2015-01-16 17:45 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-01-16 17:45 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-15 22:28 - 2013-11-30 07:48 - 00757756 _____ () C:\windows\system32\perfh007.dat 2015-02-15 22:28 - 2013-11-30 07:48 - 00173028 _____ () C:\windows\system32\perfc007.dat 2015-02-15 22:28 - 2013-11-30 07:43 - 00790536 _____ () C:\windows\system32\perfh00C.dat 2015-02-15 22:28 - 2013-11-30 07:43 - 00173774 _____ () C:\windows\system32\perfc00C.dat 2015-02-15 22:28 - 2013-08-24 22:38 - 02749512 _____ () C:\windows\system32\PerfStringBackup.INI 2015-02-15 22:26 - 2014-11-20 18:32 - 00000000 ___RD () C:\Users\Baillan\Dropbox 2015-02-15 22:26 - 2014-05-23 12:38 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Dropbox 2015-02-15 22:26 - 2014-01-07 19:26 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Spotify 2015-02-15 22:25 - 2014-12-18 18:14 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Steganos VPN 2015-02-15 22:23 - 2013-08-24 22:32 - 00099930 _____ () C:\windows\PFRO.log 2015-02-15 22:23 - 2013-08-22 15:46 - 00041172 _____ () C:\windows\setupact.log 2015-02-15 22:23 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-02-15 22:21 - 2014-01-06 15:23 - 01314159 _____ () C:\windows\WindowsUpdate.log 2015-02-15 22:19 - 2014-01-06 15:25 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{514AC32F-7C86-4F8E-9FD7-95E995D82BD2} 2015-02-15 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru 2015-02-15 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness 2015-02-15 14:01 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache 2015-02-15 13:49 - 2014-04-07 20:37 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-15 13:39 - 2014-01-06 20:30 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Notepad++ 2015-02-15 12:51 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp 2015-02-15 11:05 - 2014-12-05 15:39 - 00000000 ____D () C:\ProgramData\pjigibplibdclndolkajhcookogbpjgh 2015-02-14 21:39 - 2014-01-07 19:27 - 00000000 ____D () 
C:\Users\Baillan\AppData\Local\Spotify 2015-02-13 12:31 - 2014-06-18 19:13 - 00000000 ____D () C:\windows\System32\Tasks\Games 2015-02-13 12:31 - 2014-01-06 19:22 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-590913564-4252522651-4106047901-1001 2015-02-13 11:43 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF 2015-02-13 11:30 - 2013-08-22 15:45 - 00000000 ____D () C:\windows\Setup 2015-02-13 11:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2015-02-13 11:07 - 2013-08-22 15:44 - 00493336 _____ () C:\windows\system32\FNTCACHE.DAT 2015-02-13 11:04 - 2014-12-13 21:20 - 00000000 ____D () C:\windows\system32\appraiser 2015-02-13 11:04 - 2014-07-10 19:38 - 00000000 ___SD () C:\windows\system32\CompatTel 2015-02-13 11:04 - 2014-01-09 17:41 - 00000000 ____D () C:\windows\system32\MRT 2015-02-13 11:01 - 2014-01-09 17:41 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-02-13 10:51 - 2014-11-20 18:32 - 00001042 _____ () C:\Users\Baillan\Desktop\Dropbox.lnk 2015-02-13 10:51 - 2014-11-20 18:31 - 00000000 ____D () C:\Users\Baillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-12 21:18 - 2014-01-06 15:23 - 00000000 ____D () C:\Users\Baillan 2015-02-12 21:07 - 2014-12-05 15:39 - 00000000 ____D () C:\Users\Baillan\AppData\Local\CrashDumps 2015-02-12 20:42 - 2014-01-06 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-12 19:43 - 2014-01-06 20:29 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-12 19:42 - 2014-01-06 20:29 - 00000000 ____D () C:\Users\Baillan\AppData\Local\Google 2015-02-12 19:36 - 2014-04-07 20:37 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-02-03 20:31 - 2014-12-16 20:39 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-12-16 20:39 - 00106976 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-01-06 21:21 - 2014-01-06 21:43 - 0007611 _____ () C:\Users\Baillan\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Baillan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0eab3c.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-15 13:48
==================== End Of Log ============================
--- --- --- --- --- ---
Thank you very much for the help! I really appreciate your effort, Schrauber. May I ask what motivates you to do this? |
16.02.2015, 18:00 | #10 |
/// the machine /// TB instructor | Windows 8.1 64 Bit: Internet tabs open automatically I keep asking myself that too. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.02.2015, 21:06 | #11 |
| Windows 8.1 64 Bit: Internet tabs open automatically All good. Thanks again! |
17.02.2015, 13:10 | #12 |
/// the machine /// TB instructor | Windows 8.1 64 Bit: Internet tabs open automatically You're welcome